SP+ is driven by Our Promise, "Making Every Moment Matter for a World on the Go." Our team understands that time is scarce, so we are intentional about putting ourselves in the shoes of those we serve. The result is a unique combination of talented people and industry-leading technology that enables SP+ to prioritize each and every moment, recognizing that the time colleagues, clients and customers invest in us must always matter.

The Information Security Administrator will provide daily support for management of security administration and help to ensure the confidentiality, integrity and availability of SP+'s information assets, with an overall focus on ensuring secure operations of corporate computer systems, servers, applications and network connections. We are currently seeking qualified candidates with a focus on Identity and Access administration (PCI, SOX). The Administrator role will support IT security initiatives and compliance through monitoring, analyzing, auditing and managing security related components of the corporate and field IT environment. The Information Security Administrator's role will also focus on the creation and/or maintenance of policies, standards, baselines, guidelines and procedures, as well as conducting vulnerability audits and risk assessments.

*Hybrid working model if you live within commuting distance from our corporate offices in Chicago or Nashville. Flexibility for fully remote if you reside elsewhere in the Midwest (e.g. Indiana, Iowa, Michigan, Minnesota, Missouri, Nebraska, North Dakota, Ohio, South Dakota, and Wisconsin).

What we offer

Health Insurance, Vision, and Dental
• Fully Remote / Hybrid Working Model (Must be based in the Midwest or Nashville).
• 401(K) Match Program with immediate match
• Short-Term and Long-Term Life Disability
• Life Insurance
• Paid time off, including vacation, mental health, sick and holidays
• PayActiv - On-demand pay for the money you have already earned.
• Fantastic opportunities for career growth
• Hybrid working model
• A knowledgeable, high-achieving, experienced team
• Learning opportunities through our internal training program, SP+ University
• A diverse company that cares about inclusion, innovation and the environment. Visit www.spplus.com to learn more
• A free and confidential employee assistance program (EAP) that provides support and resources to employees and their families 24/7

What you'll do

• Facilitate compliance with government and regulatory requirements such as Payment Card Industry-Data Security Standards (PCI-DSS), Fair and Accurate Credit Transactions Act (FACTA), and Sarbanes-Oxley (SOX).
• Create, implement and manage the organization's access provisioning standards, to include new user permissions, access modifications and deprovisioning of access
• Enforce and update account permission functions utilizing the organization's Role-Based Access Control (RBAC) model
• Performing periodic audits to sustain compliance with internal security policy and remediation of compliance gaps as identified in security related testing procedures
• Monitoring user access controls, managing changes to ensure that access control rights are appropriate to business needs and terminating network and application access as appropriate
• Ensure that all security risks identified through security assessments are managed and communicated clearly and effectively to IT and Business Unit Management
• Develop, implement, operate and maintain in-house software security tools - to include anti-virus (AV), intrusion detection/prevention (IDS/IPS), file integrity monitoring, change management, privileged access, vulnerability & patch management - develop recommendations to keep or expand the current information security tool set
• Use existing information security tool sets to monitor networks and their components (firewalls, routers, access points, computers, servers) for security related events and/or vulnerabilities the could expose the organization to excessive risk
• Run monitoring software on storage, application and network drive environment, to locate data that should not be stored in those systems or data that can be stored and is not sufficiently secured
• Perform audit processes as required for SOX, PCI and other compliance standards as appropriate based on defined security controls in place within SP+
• Assist in ensuring that the company's employees appreciate the benefits of security to the organization by contributing to the Information Security Training & Awareness program

What you need

The ideal candidate will have excellent communication skills (written and verbal), project planning and prioritization skills. You must be self-motivated and detail-oriented with a strong sense of urgency, and be a creative problem solver.

Desired Experience

• Experience working in an Information Security Department
• Direct experience with Identity & Access Management (IAM) automation tools
• Direct hands on experience with security systems tool sets such as anti-virus, firewall configurations, intrusion detection, log detection/inspection, vulnerability management, patch management, identity & access management, privileged access management
• Administration, implementation and troubleshooting skills encompassing baseline security control framework
• Experience in creating security baselines / authorship of information security policies, procedures, standards and baselines
• Experience with standards such as ISO 27001/27002, NIST, COBIT, or other security frameworks
• Information Security-related certifications such as CompTIA Security+, ISC2 CC and SSCP
• Cloud Platform experience such as Google Enterprise and Amazon AWS

Other Qualifications/Competencies

• Strong analytical and problem solving skills for resolving security issues
• Good organizational, project planning and prioritization skills to balance work and projects
• Good interpersonal skills to interact with customers, team members and support personnel, as well as excellent written and verbal communication skills
• Strong skills implementing and assessing the security posture of an organization based on company defined security controls and baselines
• Ability to work in a team environment

SP+ is an equal opportunity employer committed in policy and practice to recruit, hire, train, and promote, in all job classifications, without regard to race, color, ancestry, religion, sex, age, national origin, citizenship status, marital status, sexual orientation, veteran status, gender identity, disability or other classes protected by federal or state law. SP+ does not tolerate harassment or retaliation against any employee or applicant based on these characteristics or because the individual exercised their EEO rights.